A Guide to Fixing Hacked Joomla Websites

A Guide to Fixing Hacked Joomla Websites

A Guide to Fixing Hacked Joomla Websites

Joomla is an extremely popular Content Management System used by tens of thousands of websites. There are many advantages to it and using Joomla is really simple.

But like many other CMS, Joomla website can experience breaches too. In such cases, your site will get hacked or broken. You’d need to act quick to fix your website. In this guide, you’ll learn how to fix a hacked Joomla website.

How Joomla Websites are Hacked?

Joomla is a highly-secure system. It has a dedicated community behind it that looks for security loopholes and fix them.

But it’s the third-party themes and plugins that you install that create the vulnerabilities. These are vulnerable to XXS or Cross-site Scripting attacks. In this type of attack, hackers try to inject JavaScript codes into your browser to leave the website exposed.

Another common hack is SQL injection where the hacker inject malicious SQL command into your database.

In both of these attacks, the hackers gain admin-level access to your website and steal or manipulate the data.

How to Fix the Hack?

Before you start repairing your website, you need to ensure that the breach is limited to your website and other websites on the server are unaffected. So check other websites as well.

You can then move ahead with the fixing process. Here are the steps involved in this process:
  • Clean the Database
When there’s an SQL injection attack, it can create many database users that pose threat to the website. You need to delete them by doing a database cleanup. Use the following code in your terminal:

Select * from users as u
AND u.created > UNIX_TIMESTAMP(STR_TO_DATE(‘My_Date’, ‘%M %d %Y ’));
You can delete the unnecessary users manually as well by using the SQL Statement “Drop User”.
  • Secure the Server
Next, you need to secure your server. Here are some steps to take to secure it:
  • If there are open ports, close them
  • Clear all the unused subdomains
  • Regularly check for configuration issues
  • When you’re sharing a server, use a reliable VPN service
  • Block the error messages that contain the information
  • Enable firewalls for added protection
  • Set or Reset Permissions
If you haven’t set permissions for your files and folders, then do it on an immediate basis. In case you have done so and experienced a breach, reset them.

Here are some steps to take:
  • Limit the users capability to upload only image and video files and not any executable like PHP
  • Restrict all users from accessing the .htaccess file except the admin. You can use this command -
    chmod 444 .htaccess
  • Restrict everyone from overwriting the PHP files with this command -
chmod 444 *.php
  • Check for Modified Files in Joomla and Restore them
When there’s an attack, hackers often inject modified files into your database. You need to remove them by restoring your website. Use the follows steps for this:
$ diff -r joomla-3.6.4 ./public_html
  • Check for modified files with the command:
$ find ./ -type f -mtime -15

If you find any modified files, then remove them.
  • Check Logs
System logs will give you a better picture on the attacks since it records all the activities happening on your website. If a XSS or SQL attack takes place, it will get recorded as well.
  • Log into your Joomla dashboard and navigate to Users >> Manage
  • Check for suspicious users with unusual activities. Specifically check for recent users
  • If you spot any unknown user, remove them from the list
  • Inspect the server log location. This will help you spot XSS and SQL injection attacks
  • Use Google Diagnostic Report for users with unknown IPs. Remove them accordingly
To ensure the website isn’t hacked again, update regularly and scan using trusted antivirus software. Take periodic updates and keep changing passwords from time to time. With these measures, your website will be less prone to breaches.
First release
Last update
0.00 star(s) 0 ratings

More resources from kumkumsharma